|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Suoritin 100% ja selaimen outo käytös Hjt logi.
|
|
|
jakke1983
Suspended due to non-functional email address
|
10. helmikuuta 2009 @ 14:44 |
Linkki tähän viestiin
|
Viimepäivinä kone alkanut käyttäytymään oudosti: Selain sekosi aivan totaalisesti(chrome, jotain virheilmoitusta tyrkkäs kokoajan, ikkunaa ikkunan perään ja suoritin käyttö 100%). Eilen illalla, kun yritin sammuttaa koneen ei mitään tapahtunut(jäi työpöydälle ja herjas jotain virhettä kun yritin mennä taskmanageriin) sammutin napista koneen pistin uudestaan päälle(ajoin ccleanerin ja suljin uudestaan , sitten toimi normaalisti). Löytyyköhän mitään ylimääräistä?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:14, on 10.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Jakke\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Q3E Minimizer v1.51\Q3E Minimizer_v1.51.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Users\Jakke\Downloads\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iltasanomat.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/d...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jakke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Q3E Minimizer v1.51] C:\Program Files\Q3E Minimizer v1.51\Q3E Minimizer_v1.51.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 8898 bytes
|
|
Hujo
Suspended permanently
|
10. helmikuuta 2009 @ 14:56 |
Linkki tähän viestiin
|
katso että ei ole tuossa realiaikainen päällä
Avaa Windows Defender.
Klikkaa Tools ja General Settings.
Selaa alas ja ota rasti pois Turn on real-time protection (recommended)-kohdasta.
Tämän jälkeen klikkaa Save ja sulje Windows Defender.
1. Käynnistä Spybot-S&D Edistyneessä tilassa
2. Jos se ei ole Edistyneessä tilassa, mene Tila-valikkoon ja valitse Edistynyt tila
3. Klikkaa vasemmalla Työkalut
4. Klikkaa listassa Pysyvä suojaus
5. Ota rasti pois kohdasta "Pysyvä TeaTimer" ja paina OK.
6. Käynnistä kone uudelleen.
===============
Kato että ei ole vistan palomuuri päällä
===============
Lataa Malwarebytes' Anti-Malware työpöydällesi.
1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi
==================
Lataa ja suorita Norton-poistotyökalu
===============
1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2
älä asenna palautus consolia
2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Voiko tietsikka koskaan toimia?
|
|
jakke1983
Suspended due to non-functional email address
|
10. helmikuuta 2009 @ 21:07 |
Linkki tähän viestiin
|
|
Malwarebytes' Anti-Malware 1.33
Tietokantaversio: 1743
Windows 6.0.6001 Service Pack 1
10.2.2009 21:06:21
mbam-log-2009-02-10 (21-06-21).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 162533
Kulunut aika: 58 minute(s), 45 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
ps.laitan ton combon kun saan sen tehtyä
|
|
Hujo
Suspended permanently
|
10. helmikuuta 2009 @ 21:09 |
Linkki tähän viestiin
|
|
ei mitään kiirusta kaikessa rauhassavain ja tarkasti ;D
Voiko tietsikka koskaan toimia?
|
|
jakke1983
Suspended due to non-functional email address
|
10. helmikuuta 2009 @ 21:33 |
Linkki tähän viestiin
|
ComboFix 09-02-10.01 - Jakke 2009-02-10 21:16:11.1 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6001.1.1252.1.1035.18.3326.1959 [GMT 2:00]
Sijainti: c:\users\Jakke\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Uusi palautuspiste luotu
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-10 to 2009-02-10 )))))))))))))))))
.
2009-02-10 14:48 . 2009-02-10 14:48 <KANSIO> d-------- c:\users\All Users\NortonInstaller
2009-02-10 14:48 . 2009-02-10 14:48 <KANSIO> d-------- c:\programdata\NortonInstaller
2009-02-09 03:04 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-09 03:04 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-09 03:04 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-09 03:04 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-09 03:04 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-30 20:59 . 2009-01-30 20:59 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-01-29 04:23 . 2009-01-29 04:23 <KANSIO> d-------- c:\users\Jakke\AppData\Roaming\Download Manager
2009-01-28 12:02 . 2008-10-28 11:03 1,048,576 --a------ c:\windows\M3A78-EM-1103.ROM
2009-01-28 01:50 . 2009-01-28 01:50 <KANSIO> d-------- c:\program files\Microsoft
2009-01-25 18:41 . 2009-01-25 20:42 <KANSIO> d-------- c:\program files\B2BPOKER
2009-01-25 13:47 . 2007-09-12 04:28 356,352 --a------ c:\windows\System32\nvuninst.exe
2009-01-25 13:47 . 2007-09-12 04:28 356,352 --a------ c:\windows\System32\nvudisp.exe
2009-01-22 19:43 . 2009-01-22 20:01 <KANSIO> d-------- c:\windows\System32\Adobe
2009-01-19 02:24 . 2009-01-28 12:02 755,569 --a------ c:\windows\M3A78-EM-1103.zip
2009-01-19 02:06 . 2008-10-04 01:17 133,120 --a------ c:\windows\System32\drivers\Rtlh86.sys
2009-01-19 02:06 . 2008-07-21 13:08 9,728 --a------ c:\windows\System32\RtNicProp32.dll
2009-01-19 01:45 . 2009-01-19 01:45 <KANSIO> d-------- c:\users\Jakke\AppData\Roaming\Corel
2009-01-19 01:45 . 2009-01-31 21:40 2,516 --ahs---- c:\windows\System32\KGyGaAvL.sys
2009-01-19 01:45 . 2009-01-19 01:45 8 -r-hs---- c:\windows\System32\785B4A2811.sys
2009-01-19 01:44 . 2009-01-19 01:44 <KANSIO> d-------- c:\users\All Users\WinZip
2009-01-19 01:44 . 2009-01-19 01:44 <KANSIO> d-------- c:\programdata\WinZip
2009-01-19 01:32 . 2009-01-19 01:32 <KANSIO> d--h----- C:\ASUS.SYS
2009-01-19 01:32 . 2009-01-19 01:32 <KANSIO> d--h----- C:\ASUS.000
2009-01-19 01:29 . 2009-01-19 01:29 <KANSIO> d-------- c:\users\All Users\Corel
2009-01-19 01:29 . 2009-01-19 01:29 <KANSIO> d-------- c:\programdata\Corel
2009-01-19 01:28 . 2009-01-19 01:28 <KANSIO> d-------- c:\program files\Corel
2009-01-19 01:28 . 2009-01-19 01:28 <KANSIO> d-------- c:\program files\Common Files\PX Storage Engine
2009-01-19 01:28 . 2009-01-19 01:28 <KANSIO> d-------- c:\program files\Common Files\Corel
2009-01-19 01:28 . 2007-12-11 04:50 27,648 -ra------ c:\windows\System32\drivers\RtNdPt60.sys
2009-01-19 01:26 . 2009-01-19 01:26 <KANSIO> d-------- c:\program files\AMD
2009-01-19 01:24 . 2009-01-19 01:35 660 --a------ c:\windows\setup.iss
2009-01-19 01:23 . 2004-02-27 00:00 962,612 --a------ c:\windows\System32\mfc42d.dll
2009-01-19 01:23 . 2004-02-17 00:00 434,252 --a------ c:\windows\System32\MSVCRTD.DLL
2009-01-19 01:18 . 2008-04-28 04:07 <KANSIO> d-------- c:\windows\ASUSInstAll
2009-01-19 01:18 . 2007-11-14 09:18 553 -r------- c:\windows\USetup.iss
2009-01-19 01:16 . 2009-01-19 01:22 31,936 --a------ c:\windows\Ascd_tmp.ini
2009-01-15 01:56 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-14 22:33 . 2009-01-14 22:33 410,984 --a------ c:\windows\System32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 18:03 352,615 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-02-10 17:46 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-10 12:50 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-10 00:27 201,440 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-10 00:27 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-09 11:06 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2009-02-05 07:35 2,832,896 ----a-w c:\windows\Internet Logs\xDB75BB.tmp
2009-02-05 07:34 --------- d-----w c:\users\Jakke\AppData\Roaming\LimeWire
2009-01-30 18:59 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 18:59 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-30 18:59 --------- d-----w c:\programdata\avg8
2009-01-25 12:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 17:59 --------- d-----w c:\users\Jakke\AppData\Roaming\Azureus
2009-01-22 20:31 180 ----a-w c:\users\Jakke\AppData\Roaming\wklnhst.dat
2009-01-21 15:04 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-19 00:32 --------- d-----w c:\program files\CCleaner
2009-01-19 00:06 --------- d-----w c:\program files\Realtek
2009-01-18 23:35 --------- d-----w c:\program files\ASUS
2009-01-18 23:31 --------- d-----w c:\programdata\Ulead Systems
2009-01-18 23:31 --------- d-----w c:\program files\Ulead Systems
2009-01-18 23:31 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-18 23:17 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-15 02:58 --------- d-----w c:\program files\Windows Mail
2009-01-14 20:33 --------- d-----w c:\program files\Java
2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 13:36 5,069,498 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-01-09 01:01 --------- d-----w c:\program files\Common Files\EasyInfo
2009-01-08 11:38 --------- d-----w c:\program files\ATI
2009-01-07 19:21 --------- d-----w c:\programdata\InstallShield
2009-01-07 19:20 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-07 01:56 --------- d-----w c:\program files\Combined Community Codec Pack
2009-01-06 19:44 --------- d-----w c:\programdata\ATI
2009-01-06 19:41 --------- d-----w c:\program files\ATI Technologies
2009-01-03 09:17 --------- d-----w c:\program files\GameSpy Arcade
2008-12-31 12:25 --------- d-----w c:\program files\EA GAMES
2008-12-31 02:00 --------- d-----w c:\program files\SpeedFan
2008-12-29 13:25 --------- d---a-w c:\programdata\TEMP
2008-12-16 15:04 --------- d-----w c:\program files\BurnAware Free
2008-12-16 01:27 --------- d-----w c:\program files\Lavalys
2008-12-14 21:30 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-14 21:23 --------- d-----w c:\program files\AVG
2008-12-14 21:13 --------- d-----w c:\program files\Common Files\PC Tools
2008-12-12 16:30 --------- d-----w c:\programdata\NVIDIA
2008-12-12 16:23 --------- d-----w c:\users\Jakke\AppData\Roaming\ATI
2008-12-12 16:21 --------- d-----w c:\program files\Common Files\ATI Technologies
2008-12-12 16:11 1,794,560 ----a-w c:\windows\Internet Logs\xDB643E.tmp
2008-12-11 20:05 --------- d-----w c:\programdata\Microsoft Help
2008-12-01 20:47 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll
2008-12-01 20:46 159,744 ----a-w c:\windows\System32\atitmmxx.dll
2008-12-01 20:45 43,520 ----a-w c:\windows\System32\ati2edxx.dll
2008-12-01 20:45 331,776 ----a-w c:\windows\System32\atipdlxx.dll
2008-12-01 20:45 274,432 ----a-w c:\windows\System32\Ati2evxx.dll
2008-12-01 20:45 262,144 ----a-w c:\windows\System32\Oemdspif.dll
2008-12-01 20:44 720,896 ----a-w c:\windows\System32\Ati2evxx.exe
2008-12-01 20:35 2,340,352 ----a-w c:\windows\System32\atidxx32.dll
2008-12-01 20:29 4,033,536 ----a-w c:\windows\System32\atiumdag.dll
2008-12-01 20:17 10,981,376 ----a-w c:\windows\System32\atioglxx.dll
2008-12-01 20:09 4,754,432 ----a-w c:\windows\System32\atiumdva.dll
2008-12-01 19:57 846,336 ----a-w c:\windows\System32\pbsetup.exe
2008-12-01 19:56 98,304 ----a-w c:\windows\System32\atiadlxx.dll
2008-12-01 19:56 57,344 ----a-w c:\windows\System32\amdcalrt.dll
2008-12-01 19:56 53,248 ----a-w c:\windows\System32\amdcalcl.dll
2008-12-01 19:56 50,688 ----a-w c:\windows\System32\amdpcom32.dll
2008-12-01 19:53 3,256,320 ----a-w c:\windows\System32\amdcaldd.dll
2008-11-20 13:04 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-11-20 12:59 22,328 ----a-w c:\users\Jakke\AppData\Roaming\PnkBstrK.sys
2008-11-20 12:58 2,250,024 ----a-w c:\windows\System32\pbsvc.exe
2008-09-22 19:21 2,928,600 ----a-w c:\users\Jakke\ccsetup211.exe
2008-09-08 11:52 585,933 ----a-w c:\users\Jakke\cpuz_147.zip
2008-04-16 17:57 174 --sha-w c:\program files\desktop.ini
2008-02-10 19:35 116 ----a-w c:\users\Yleinen\AppData\Roaming\wklnhst.dat
2008-01-15 14:51 113,152 ----a-w c:\program files\Asuntohakemus.doc
2008-01-14 11:29 32,981,120 ----a-w c:\program files\avg75free_516a1225.exe
2007-08-23 21:14 520,596 ----a-w c:\users\Jakke\sl.GameLauncher-Install-080.exe
2007-08-23 21:06 270,305,943 ----a-w c:\users\Jakke\WolfET.exe
2005-10-11 17:33 1,126,400 ----a-w c:\users\Jakke\cgame_mp_x86.dll
2005-09-26 19:05 364,544 ----a-w c:\users\Jakke\ui_mp_x86.dll
2008-06-07 22:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
2008-05-13 13:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051320080514\index.dat
2008-06-07 22:41 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060820080609\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-21 171448]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-19 192000]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Jakke\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-26 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Ai Nap"="c:\program files\ASUS\Ai Nap\AiNap.exe" [2008-05-26 1423360]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
c:\users\Yleinen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 -n?ytt?leikkeet ja Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-08-17 11:50 483144 c:\program files\Corel\Corel MediaOne\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-14 22:33 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 09:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= Profile=Public|c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= c:\program files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= c:\program files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= c:\program files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= c:\program files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{5E86D161-A321-4A82-8A79-8C2D4A2360F7}"= UDP:c:\program files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{9984BC10-C325-46E8-8042-B0231C62712F}"= TCP:c:\program files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{A520C653-CD1D-4E44-92E0-9ABBE0A7C13D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8F1C8649-1757-4B17-9834-0EB0EEDCF2EB}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{CB310B27-6C63-4EF2-92BB-B6D47BAC91DA}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{3186453A-D053-450A-9566-047029A4DAA2}"= Disabled:UDP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{0033281F-2467-440C-BA9C-45B3C0F83678}"= Disabled:TCP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{142313C5-4B77-4666-BD32-A8A5AA006B55}"= Disabled:UDP:c:\users\Jakke\Documents\Downloads\Anapod\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{7352203C-9465-4FE1-A99E-8B7E64083ECD}"= Disabled:TCP:c:\users\Jakke\Documents\Downloads\Anapod\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{7BD9C4D0-FB8F-49EE-A76C-0BE5914F48EE}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{664DB7A3-EF9C-4717-BBA4-B2A51B76F5BE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{60E1FBF2-2F64-42FF-AB2F-984047DC5CD3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4617F71D-51E9-4FEC-99C0-8549B3862A9A}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{27612DD1-0DB4-4533-825A-C86866049E6B}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{97B18344-FA5D-47A8-BF44-7D1A501A617D}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= UDP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"UDP Query User{4817311A-756A-49F4-9EDF-61D5587A794B}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= TCP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"{3A808C2A-DD1C-4DA5-9774-D3BA99D02600}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0BB35BD1-D7C1-47AB-8539-A93790EAAA57}"= TCP:21397:utorrent
"{C9C1D107-C05F-4069-84D4-DDB96FB3D7D1}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{88D026ED-0D5D-440A-BB7D-FC62A1C892E2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3CBBEDE7-0D67-483F-8315-073C771FBAB2}"= Disabled:c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{7E4DC6C4-8F21-42F1-A5E1-117A467E473E}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{534D945F-856F-4D64-A3D2-D95E96295030}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{DFBBB393-770E-41B1-A6B4-D34702298B49}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{CCAE937A-E631-49DC-AD86-1F5545857694}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{45A517BC-8ED1-4DAA-8175-1840CC63CF47}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{B6FF287D-A09E-4DEE-832E-1659B072FD0E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{8654E7A2-9D10-47BB-A069-8E8F976A39FA}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{52FA914C-5A85-4A46-BA5A-31EE89436FA8}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8C0BCB84-20CD-48D9-B3DB-EE9C8F480242}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C9F9EC0F-28DB-4B03-9A87-7EC66A5BD363}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{85A6A6D3-0852-4137-8064-355357E4676E}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{F3DB9150-D445-4E6E-AE64-949D931C4E8A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{2453A31A-9147-48DB-93F4-62D453A58FB7}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{40538963-8EC1-45BE-94D5-AEE834E3658E}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{C51ABAEB-9801-4A28-9100-1D709023A2E3}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{1BD7C3C5-4752-40C6-B8CD-4C98B1051056}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{09BEFF4E-D93A-42F8-8F10-3D2CFECD910E}c:\\program files\\b2bpoker\\pokerihuone\\jre\\bin\\javaw.exe"= UDP:c:\program files\b2bpoker\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{0CC3CE34-3CFB-4447-8061-0FDB49DD772C}c:\\program files\\b2bpoker\\pokerihuone\\jre\\bin\\javaw.exe"= TCP:c:\program files\b2bpoker\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"d:\\Anapod Explorer\\anamgr.exe"= d:\anapod explorer\anamgr.exe:*:Enabled:Anapod Xtreamer
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-12-14 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-01-30 107272]
R1 pctfw2;pctfw2;c:\windows\System32\drivers\pctfw2.sys [2008-06-10 160792]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-05-05 266343]
R2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [2003-09-29 110592]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-14 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 298264]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [2009-01-19 27648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot\SDWinSec.exe [2008-07-25 809296]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\System32\drivers\CM108.sys [2007-06-28 1310720]
S0 NVStrap;NVStrap;c:\windows\System32\drivers\NVStrap.sys [2008-07-23 4224]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\System32\drivers\hcw95bda.sys [2007-11-23 467456]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\System32\drivers\hcw95rc.sys [2007-11-23 15488]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - e:\bin\assetup.exe
.
'Ajoitetut tehtävät'-kansion sisältö
2009-02-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
2009-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-722837541-283450161-3600718556-1000.job
- c:\users\Jakke\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-26 00:31]
2009-02-10 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-04-09 10:23]
.
- - - - POISTETUT JÄMÄRIVIT - - - -
HKU-Default-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://iltasanomat.fi/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fi.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jakke\AppData\Roaming\Mozilla\Firefox\Profiles\hgir040u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Jakke\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
---- FIREFOXIN KÄYTÄNNÖT ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 21:18:08
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
Valmistumisajankohta: 2009-02-10 21:20:07
ComboFix-quarantined-files.txt 2009-02-10 19:20:04
Ennen ajoa: 69 430 620 160 tavua vapaana
Ajon jälkeen: 69,480,816,640 tavua vapaana
329 --- E O F --- 2009-02-09 01:09:57
Tuossapa tuo on. Tuo Defenderin ja Spybotin säätö nopeutti, sekä paransi järjestelmän toimintaa välittömästi :) Saas nähdä mitä tuo Combo sanoo... Oikein paljon kiitoksia jo tässä vaiheessa.
|
|
Hujo
Suspended permanently
|
10. helmikuuta 2009 @ 21:47 |
Linkki tähän viestiin
|
Nyt tuon alla olevan lainauksen sisällön Kopioit / liität Tyhjään muistioon
käynnistä nappi >apuohjelmat > muistio
Lainaus:
Folder::
c:\users\All Users\NortonInstaller
c:\program files\Common Files\Symantec Shared
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
Tallenna se nimellä CFScript.txt työpöydälle
Sitten raahaa CFScript ComboFix.exeen kuten alla.
combofix työstää tulee sininen taulu paina numeroa 1 ja enter
Laita tuleva loki tänne.
Sammutat ja käynnistät koneen
Voiko tietsikka koskaan toimia?
|
|
jakke1983
Suspended due to non-functional email address
|
10. helmikuuta 2009 @ 22:01 |
Linkki tähän viestiin
|
ComboFix 09-02-10.01 - Jakke 2009-02-10 21:53:18.2 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6001.1.1252.1.1035.18.3326.1829 [GMT 2:00]
Sijainti: c:\users\Jakke\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\Jakke\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Uusi palautuspiste luotu
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\users\All Users\NortonInstaller
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-10 to 2009-02-10 )))))))))))))))))
.
2009-02-09 03:04 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-09 03:04 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-09 03:04 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-09 03:04 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-09 03:04 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-30 20:59 . 2009-01-30 20:59 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-01-29 04:23 . 2009-01-29 04:23 <KANSIO> d-------- c:\users\Jakke\AppData\Roaming\Download Manager
2009-01-28 12:02 . 2008-10-28 11:03 1,048,576 --a------ c:\windows\M3A78-EM-1103.ROM
2009-01-28 01:50 . 2009-01-28 01:50 <KANSIO> d-------- c:\program files\Microsoft
2009-01-25 18:41 . 2009-01-25 20:42 <KANSIO> d-------- c:\program files\B2BPOKER
2009-01-25 13:47 . 2007-09-12 04:28 356,352 --a------ c:\windows\System32\nvuninst.exe
2009-01-25 13:47 . 2007-09-12 04:28 356,352 --a------ c:\windows\System32\nvudisp.exe
2009-01-22 19:43 . 2009-01-22 20:01 <KANSIO> d-------- c:\windows\System32\Adobe
2009-01-19 02:24 . 2009-01-28 12:02 755,569 --a------ c:\windows\M3A78-EM-1103.zip
2009-01-19 02:06 . 2008-10-04 01:17 133,120 --a------ c:\windows\System32\drivers\Rtlh86.sys
2009-01-19 02:06 . 2008-07-21 13:08 9,728 --a------ c:\windows\System32\RtNicProp32.dll
2009-01-19 01:45 . 2009-01-19 01:45 <KANSIO> d-------- c:\users\Jakke\AppData\Roaming\Corel
2009-01-19 01:45 . 2009-01-31 21:40 2,516 --ahs---- c:\windows\System32\KGyGaAvL.sys
2009-01-19 01:45 . 2009-01-19 01:45 8 -r-hs---- c:\windows\System32\785B4A2811.sys
2009-01-19 01:44 . 2009-01-19 01:44 <KANSIO> d-------- c:\users\All Users\WinZip
2009-01-19 01:44 . 2009-01-19 01:44 <KANSIO> d-------- c:\programdata\WinZip
2009-01-19 01:32 . 2009-01-19 01:32 <KANSIO> d--h----- C:\ASUS.SYS
2009-01-19 01:32 . 2009-01-19 01:32 <KANSIO> d--h----- C:\ASUS.000
2009-01-19 01:29 . 2009-01-19 01:29 <KANSIO> d-------- c:\users\All Users\Corel
2009-01-19 01:29 . 2009-01-19 01:29 <KANSIO> d-------- c:\programdata\Corel
2009-01-19 01:28 . 2009-01-19 01:28 <KANSIO> d-------- c:\program files\Corel
2009-01-19 01:28 . 2009-01-19 01:28 <KANSIO> d-------- c:\program files\Common Files\PX Storage Engine
2009-01-19 01:28 . 2009-01-19 01:28 <KANSIO> d-------- c:\program files\Common Files\Corel
2009-01-19 01:28 . 2007-12-11 04:50 27,648 -ra------ c:\windows\System32\drivers\RtNdPt60.sys
2009-01-19 01:26 . 2009-01-19 01:26 <KANSIO> d-------- c:\program files\AMD
2009-01-19 01:24 . 2009-01-19 01:35 660 --a------ c:\windows\setup.iss
2009-01-19 01:23 . 2004-02-27 00:00 962,612 --a------ c:\windows\System32\mfc42d.dll
2009-01-19 01:23 . 2004-02-17 00:00 434,252 --a------ c:\windows\System32\MSVCRTD.DLL
2009-01-19 01:18 . 2008-04-28 04:07 <KANSIO> d-------- c:\windows\ASUSInstAll
2009-01-19 01:18 . 2007-11-14 09:18 553 -r------- c:\windows\USetup.iss
2009-01-19 01:16 . 2009-01-19 01:22 31,936 --a------ c:\windows\Ascd_tmp.ini
2009-01-15 01:56 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-14 22:33 . 2009-01-14 22:33 410,984 --a------ c:\windows\System32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 18:03 352,615 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-02-10 17:46 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-10 00:27 201,440 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-10 00:27 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-09 11:06 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2009-02-05 07:35 2,832,896 ----a-w c:\windows\Internet Logs\xDB75BB.tmp
2009-02-05 07:34 --------- d-----w c:\users\Jakke\AppData\Roaming\LimeWire
2009-01-30 18:59 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 18:59 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-30 18:59 --------- d-----w c:\programdata\avg8
2009-01-25 12:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 17:59 --------- d-----w c:\users\Jakke\AppData\Roaming\Azureus
2009-01-22 20:31 180 ----a-w c:\users\Jakke\AppData\Roaming\wklnhst.dat
2009-01-21 15:04 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-19 00:32 --------- d-----w c:\program files\CCleaner
2009-01-19 00:06 --------- d-----w c:\program files\Realtek
2009-01-18 23:35 --------- d-----w c:\program files\ASUS
2009-01-18 23:31 --------- d-----w c:\programdata\Ulead Systems
2009-01-18 23:31 --------- d-----w c:\program files\Ulead Systems
2009-01-18 23:31 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-18 23:17 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-15 02:58 --------- d-----w c:\program files\Windows Mail
2009-01-14 20:33 --------- d-----w c:\program files\Java
2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 13:36 5,069,498 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-01-09 01:01 --------- d-----w c:\program files\Common Files\EasyInfo
2009-01-08 11:38 --------- d-----w c:\program files\ATI
2009-01-07 19:21 --------- d-----w c:\programdata\InstallShield
2009-01-07 19:20 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-07 01:56 --------- d-----w c:\program files\Combined Community Codec Pack
2009-01-06 19:44 --------- d-----w c:\programdata\ATI
2009-01-06 19:41 --------- d-----w c:\program files\ATI Technologies
2009-01-03 09:17 --------- d-----w c:\program files\GameSpy Arcade
2008-12-31 12:25 --------- d-----w c:\program files\EA GAMES
2008-12-31 02:00 --------- d-----w c:\program files\SpeedFan
2008-12-29 13:25 --------- d---a-w c:\programdata\TEMP
2008-12-16 15:04 --------- d-----w c:\program files\BurnAware Free
2008-12-16 01:27 --------- d-----w c:\program files\Lavalys
2008-12-14 21:30 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-14 21:23 --------- d-----w c:\program files\AVG
2008-12-14 21:13 --------- d-----w c:\program files\Common Files\PC Tools
2008-12-12 16:30 --------- d-----w c:\programdata\NVIDIA
2008-12-12 16:23 --------- d-----w c:\users\Jakke\AppData\Roaming\ATI
2008-12-12 16:21 --------- d-----w c:\program files\Common Files\ATI Technologies
2008-12-12 16:11 1,794,560 ----a-w c:\windows\Internet Logs\xDB643E.tmp
2008-12-11 20:05 --------- d-----w c:\programdata\Microsoft Help
2008-12-01 20:47 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll
2008-12-01 20:46 159,744 ----a-w c:\windows\System32\atitmmxx.dll
2008-12-01 20:45 43,520 ----a-w c:\windows\System32\ati2edxx.dll
2008-12-01 20:45 331,776 ----a-w c:\windows\System32\atipdlxx.dll
2008-12-01 20:45 274,432 ----a-w c:\windows\System32\Ati2evxx.dll
2008-12-01 20:45 262,144 ----a-w c:\windows\System32\Oemdspif.dll
2008-12-01 20:44 720,896 ----a-w c:\windows\System32\Ati2evxx.exe
2008-12-01 20:35 2,340,352 ----a-w c:\windows\System32\atidxx32.dll
2008-12-01 20:29 4,033,536 ----a-w c:\windows\System32\atiumdag.dll
2008-12-01 20:17 10,981,376 ----a-w c:\windows\System32\atioglxx.dll
2008-12-01 20:09 4,754,432 ----a-w c:\windows\System32\atiumdva.dll
2008-12-01 19:57 846,336 ----a-w c:\windows\System32\pbsetup.exe
2008-12-01 19:56 98,304 ----a-w c:\windows\System32\atiadlxx.dll
2008-12-01 19:56 57,344 ----a-w c:\windows\System32\amdcalrt.dll
2008-12-01 19:56 53,248 ----a-w c:\windows\System32\amdcalcl.dll
2008-12-01 19:56 50,688 ----a-w c:\windows\System32\amdpcom32.dll
2008-12-01 19:53 3,256,320 ----a-w c:\windows\System32\amdcaldd.dll
2008-11-20 13:04 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-11-20 12:59 22,328 ----a-w c:\users\Jakke\AppData\Roaming\PnkBstrK.sys
2008-11-20 12:58 2,250,024 ----a-w c:\windows\System32\pbsvc.exe
2008-09-22 19:21 2,928,600 ----a-w c:\users\Jakke\ccsetup211.exe
2008-09-08 11:52 585,933 ----a-w c:\users\Jakke\cpuz_147.zip
2008-04-16 17:57 174 --sha-w c:\program files\desktop.ini
2008-02-10 19:35 116 ----a-w c:\users\Yleinen\AppData\Roaming\wklnhst.dat
2008-01-15 14:51 113,152 ----a-w c:\program files\Asuntohakemus.doc
2008-01-14 11:29 32,981,120 ----a-w c:\program files\avg75free_516a1225.exe
2007-08-23 21:14 520,596 ----a-w c:\users\Jakke\sl.GameLauncher-Install-080.exe
2007-08-23 21:06 270,305,943 ----a-w c:\users\Jakke\WolfET.exe
2005-10-11 17:33 1,126,400 ----a-w c:\users\Jakke\cgame_mp_x86.dll
2005-09-26 19:05 364,544 ----a-w c:\users\Jakke\ui_mp_x86.dll
2008-06-07 22:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
2008-05-13 13:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051320080514\index.dat
2008-06-07 22:41 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060820080609\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-02-10_21.18.32,05 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-10 19:18:05 245,760 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-10 19:54:19 245,760 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-21 171448]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-19 192000]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Jakke\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-26 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Ai Nap"="c:\program files\ASUS\Ai Nap\AiNap.exe" [2008-05-26 1423360]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
c:\users\Yleinen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 -n?ytt?leikkeet ja Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-08-17 11:50 483144 c:\program files\Corel\Corel MediaOne\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-14 22:33 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 09:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= Profile=Public|c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= c:\program files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= c:\program files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= c:\program files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= c:\program files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{5E86D161-A321-4A82-8A79-8C2D4A2360F7}"= UDP:c:\program files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{9984BC10-C325-46E8-8042-B0231C62712F}"= TCP:c:\program files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{A520C653-CD1D-4E44-92E0-9ABBE0A7C13D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8F1C8649-1757-4B17-9834-0EB0EEDCF2EB}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{CB310B27-6C63-4EF2-92BB-B6D47BAC91DA}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{3186453A-D053-450A-9566-047029A4DAA2}"= Disabled:UDP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{0033281F-2467-440C-BA9C-45B3C0F83678}"= Disabled:TCP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{142313C5-4B77-4666-BD32-A8A5AA006B55}"= Disabled:UDP:c:\users\Jakke\Documents\Downloads\Anapod\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{7352203C-9465-4FE1-A99E-8B7E64083ECD}"= Disabled:TCP:c:\users\Jakke\Documents\Downloads\Anapod\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{7BD9C4D0-FB8F-49EE-A76C-0BE5914F48EE}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{664DB7A3-EF9C-4717-BBA4-B2A51B76F5BE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{60E1FBF2-2F64-42FF-AB2F-984047DC5CD3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4617F71D-51E9-4FEC-99C0-8549B3862A9A}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{27612DD1-0DB4-4533-825A-C86866049E6B}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{97B18344-FA5D-47A8-BF44-7D1A501A617D}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= UDP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"UDP Query User{4817311A-756A-49F4-9EDF-61D5587A794B}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= TCP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"{3A808C2A-DD1C-4DA5-9774-D3BA99D02600}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0BB35BD1-D7C1-47AB-8539-A93790EAAA57}"= TCP:21397:utorrent
"{C9C1D107-C05F-4069-84D4-DDB96FB3D7D1}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{88D026ED-0D5D-440A-BB7D-FC62A1C892E2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3CBBEDE7-0D67-483F-8315-073C771FBAB2}"= Disabled:c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{7E4DC6C4-8F21-42F1-A5E1-117A467E473E}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{534D945F-856F-4D64-A3D2-D95E96295030}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{DFBBB393-770E-41B1-A6B4-D34702298B49}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{CCAE937A-E631-49DC-AD86-1F5545857694}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{45A517BC-8ED1-4DAA-8175-1840CC63CF47}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{B6FF287D-A09E-4DEE-832E-1659B072FD0E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{8654E7A2-9D10-47BB-A069-8E8F976A39FA}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{52FA914C-5A85-4A46-BA5A-31EE89436FA8}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8C0BCB84-20CD-48D9-B3DB-EE9C8F480242}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C9F9EC0F-28DB-4B03-9A87-7EC66A5BD363}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{85A6A6D3-0852-4137-8064-355357E4676E}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{F3DB9150-D445-4E6E-AE64-949D931C4E8A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{2453A31A-9147-48DB-93F4-62D453A58FB7}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{40538963-8EC1-45BE-94D5-AEE834E3658E}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{C51ABAEB-9801-4A28-9100-1D709023A2E3}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{1BD7C3C5-4752-40C6-B8CD-4C98B1051056}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{09BEFF4E-D93A-42F8-8F10-3D2CFECD910E}c:\\program files\\b2bpoker\\pokerihuone\\jre\\bin\\javaw.exe"= UDP:c:\program files\b2bpoker\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{0CC3CE34-3CFB-4447-8061-0FDB49DD772C}c:\\program files\\b2bpoker\\pokerihuone\\jre\\bin\\javaw.exe"= TCP:c:\program files\b2bpoker\pokerihuone\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"d:\\Anapod Explorer\\anamgr.exe"= d:\anapod explorer\anamgr.exe:*:Enabled:Anapod Xtreamer
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-12-14 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-01-30 107272]
R1 pctfw2;pctfw2;c:\windows\System32\drivers\pctfw2.sys [2008-06-10 160792]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-05-05 266343]
R2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [2003-09-29 110592]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-14 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 298264]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [2009-01-19 27648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot\SDWinSec.exe [2008-07-25 809296]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\System32\drivers\CM108.sys [2007-06-28 1310720]
S0 NVStrap;NVStrap;c:\windows\System32\drivers\NVStrap.sys [2008-07-23 4224]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\System32\drivers\hcw95bda.sys [2007-11-23 467456]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\System32\drivers\hcw95rc.sys [2007-11-23 15488]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - e:\bin\assetup.exe
.
'Ajoitetut tehtävät'-kansion sisältö
2009-02-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
2009-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-722837541-283450161-3600718556-1000.job
- c:\users\Jakke\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-26 00:31]
2009-02-10 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-04-09 10:23]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://iltasanomat.fi/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fi.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jakke\AppData\Roaming\Mozilla\Firefox\Profiles\hgir040u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Jakke\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
---- FIREFOXIN KÄYTÄNNÖT ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 21:54:28
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
Valmistumisajankohta: 2009-02-10 21:56:26
ComboFix-quarantined-files.txt 2009-02-10 19:56:24
ComboFix2.txt 2009-02-10 19:20:08
Ennen ajoa: 68 714 668 032 tavua vapaana
Ajon jälkeen: 68,668,481,536 tavua vapaana
328 --- E O F --- 2009-02-09 01:09:57
|
|
Hujo
Suspended permanently
|
10. helmikuuta 2009 @ 22:11 |
Linkki tähän viestiin
|
Kirjoita suorita luukkuun
ComboFix /u
klikkaa ok
==============
Lataa OTMoveIt
OTMoveIt ja tallenna se työpöydällesi.
Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.
HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.
=============
Koneella on CCleaner
Puhdistaja
Valitse vasemmalta pystyrivistä Puhdistaja.
Paina alhaalta Tutki.
Nyt CCleaneri tutkii, mitä voidaan poistaa (tempit, cookiessit jne.).
Kun tutkiminen on valmis, paina Aja CCleaner.
Nyt CCleaneri poistaa löydetyt tempit, cookiessit jne.
Rekisterin virheiden korjaus
Valitse vasemmalta pystyrivistä Rekisteri.
Paina alhaalta Etsi rekisterin virheitä.
Kun etsintä on valmis ja olet varma, että haluat korjata ne rivit jotka ovat merkattuja, niin paina Korjaa valitut rekisterin virheet.
Sinulta kysytään "haluatko varmuuskopioida muutokset rekisteriin", paina Kyllä. Tallenna varmuuskopio vaikka "Omat tiedostot" -kansioon.
Klikkaa uudesta aukeavasta ikkunasta Korjaa kaikki valitut virheet.
Saat vielä varmistus kysymyksen, paina Ok.
Kun virheet on korjattu, paina Sulje.
Nyt voit sulkea CCleanerin painamalla oikealta ylhäältä punaista rastia.
Voiko tietsikka koskaan toimia?
|
|
Mainos
|
|
|
|
jakke1983
Suspended due to non-functional email address
|
10. helmikuuta 2009 @ 22:31 |
Linkki tähän viestiin
|
|
Ajoin nuo ohjelmat ja tuntuu pelittävän paremmin, kiitoksia!!!
|
|
